How to enable the cross-origin resource sharing support in Talend MDM - 7.1

EnrichVersion
7.1
EnrichProdName
Talend MDM Platform
EnrichPlatform
Talend MDM Server
task
Administration and Monitoring > Monitoring services

Cross-origin resource sharing support in MDM

Subscription
You can enable the support of cross-origin resource sharing (CORS) in MDM when developing a web application consuming MDM REST resources.

By default, MDM does not support cross-origin resource sharing for security reasons.

What is cross-origin resource sharing?

Subscription
The following explain the basic concepts of cross-origin resource sharing.

An HTML5 cross-origin resource sharing (CORS) policy controls whether and how content running on other domains can perform two-way interaction with the domain that publishes the policy. The policy is fine-grained and can apply access controls per-request based on the URL and other features of the request.

For more information about CORS and how it works, refer to http://www.html5rocks.com/en/tutorials/cors/.

How to enable cross-origin resource sharing in MDM

Subscription
The following introduce how to enable the cross-origin resource sharing support in MDM before consuming MDM REST resources.

Procedure

  1. Stop your Tomcat server.
  2. Browse to the file <TomcatPath>/webapps/talendmdm/WEB-INF/web.xml and open it.
  3. Add the following web application filter: 
    <!-- CORS for development only -->
<filter>
   <filter-name>CorsFilter</filter-name>
   <filter-class>com.amalto.core.util.CorsFilter</filter-class>
   <init-param>
      <param-name>allowed-origin</param-name>
      <param-value>YOUR WEB APP URL</param-value>
   </init-param>
</filter>
<filter-mapping>
   <filter-name>CorsFilter</filter-name>
   <url-pattern>/services/rest/*</url-pattern>
</filter-mapping>

    In the filter, "YOUR WEB APP URL" indicates the base URL of your web application as displayed in your web browser, for example, http://192.168.174.170:3000.

    Because MDM REST services require authentication, this URL is mandatory and cannot use a wildcard (*).

  4. Restart the Tomcat server.
  5. Verify that the cross-origin resource sharing support is enabled successfully.
    You can try to access an MDM resource from a web browser with developer tools and check that the following HTTP headers are sent back in the response body:
    Access-Control-Allow-Credentials: true

 Access-Control-Allow-Headers: x-requested-with, Authorization, Content-Type

 Access-Control-Allow-Methods: POST, GET, OPTIONS, DELETE, PUT, PATCH

 Access-Control-Allow-Origin: YOUR WEB APP URL

 Access-Control-Max-Age: 3600